Review by Brian EggertJuly 9, 2016

When it comes to an accessible watchdog, go no further than Alex Gibney, the prolific and probing documentarian who, just in the last three years, has confronted subjects including WikiLeaks, Steve Jobs, James Brown, Lance Armstrong, and Scientology. In Zero Days, he takes an urgent look at Stuxnet, an offensive cyber-weapon most of his governmental interview subjects are afraid to even speak about on camera for its classified status. While detailing Stuxnet’s creation, dispersal, and eventual backfire, Gibney also offers a frightening look into how an ongoing cyber-war already exists in our world. And given this, Gibney and several of his interviewees call for new international policies and dialogue about the cyber-weaponry, which is no longer as secretive as many wish it was.

Gibney excels at breaking down complicated subjects through straightforward interviews and, in the case of his 2013 doc on WikiLeaks, with the help of digitized, easy-to-understand visual diagrams. He employs a similar approach in Zero Days, taking his audience through complicated technical explanations even the layman will understand. Nevertheless, much like Going Clear: Scientology and the Prison of Belief, the director’s doc on HBO last year, Gibney provides a mere general overview. If you still have questions after Zero Days, reading a book or two might do the trick. Kim Zetter’s Countdown To Zero Day: Stuxnet And The Launch Of The World’s First Digital Weapon, or Dan Raviv and Yossi Melman’s Spies Against Armageddon: Inside Israel’s Secret Wars have both been well regarded. Articles by New York Times correspondent David Sanger, who provides a lot of interview time in Zero Days, would also be a good place to start.

Much of what Gibney presents is straightforward and, finally, quite scary. The doc begins with an investigation led by Symantec Research Labs, who first spotted Stuxnet malware in 2010. After their preliminary findings, Symantec realized no typical hacker could have designed such a sophisticated worm; instead, it was probably designed by a well-financed nation state. What’s more, before it spread, Stuxnet was originally designed with a very specific purpose: to interrupt normal operations within Iran’s nuclear centrifuges in Natanz. Despite its exact purpose, Stuxnet has contaminated tens of thousands of Windows PCs the world over, inciting Symantec’s investigation and also a major investigation by Homeland Security. To determine who is responsible for this worm, you need only ask one question: Who on Earth would want to tamper with Iran’s nuclear capabilities? From here, Gibney delves into the complicated history between the U.S. and Iran over nuclear power, and how the U.S. government once provided Iran with nuclear power, though in recent decades tried to prevent it.

Most of Gibney’s talking heads decline to speak about Stuxnet. There’s an almost laughable montage of official after official declining to point a finger at the responsible party. Their refusals are blunt and absolute. However, an alleged NSA source agrees to appear on camera only if her image remains digitally altered. A modern day Max Headroom, this undisclosed whistleblower provides damaging, often comically frank detail about what really happened—that U.S. and Israeli governments collaborated on Stuxnet to prevent Iran’s nuclear progression. But Israel’s cyber-group called Unit 8200 changed the code without U.S. authorization, transforming the worm from a self-contained entity into one that spread throughout the world. Gibney’s witness also warns that the project, dubbed “Olympic Games”, was just the first part of a much larger contingency, code-named “Nitro Zeus”, which has the ability to cripple a country’s entire infrastructure. And since Iran was eventually able to reverse-engineer Stuxnet and use the code against the U.S. in two major deliberate demonstrations of their cyber capabilities, Gibney’s NSA source fears what might happen if someone decides to shut down the U.S. grid.

Just as Gibney used an actress in his Elliot Spitzer doc Client 9, his NSA witness is eventually (and predictably) revealed to be an actress (Joanne Tucker) performing statements by various official witnesses who declined to appear on-camera—largely because the U.S. intelligence community refuses any open dialogue about cyber-weaponry. In an apt comparison, Zero Days equates cyber-weaponry to nuclear armories, since both arsenals remain devastatingly powerful, and using them in any kind of ongoing war could quickly give way to a level of mass-death for millions. In the past, nuclear treaties with countries like Russia resulted in open discussions about stockpiles and a clear willingness not to use WMDs. But there’s no forum to debate cyber-weaponry, and as indicated by Gen. Michael Hayden, former director of both the CIA and NSA, that’s an over-secretive policy, if not a wholly dangerous one.

Gibney demonstrates how the U.S. government refuses to admit its role in Stuxnet, Olympic Games, Nitro Zeus, or any other offensive cyber-weapons—to a staggering degree. Consider the millions in federal dollars spent on Homeland Security’s investigation into Stuxnet attacks on U.S. computers; little did they know, they were investigating a cyber-weapon created by their own government. (You would think Homeland Security would have received a head’s up from the Obama administration, just to avoid wasting millions of taxpayer dollars, but you would be wrong.) Zero Days leaves its audience to consider the frightening reality that an enemy nation could attack and leave the U.S. infrastructure crippled. And, as the title indicates, Stuxnet and similar cyber-weapons leave no response time whatsoever after the attack is carried out. In his fascinating and terrifying doc, Gibney effectively sketches out a very real danger floating in the ether of cyberspace and global politics, and he calls for an open discussion before the world’s powers consider using their cyber-arsenal, or worse, the lights go out.